Why It's Time To Stop Using Flash

In another example of how good Steve Jobs was in picking technology losers and winners, in 2010 he listed all of the reasons why the world needed to move on from using Flash. At the time, Jobs was explaining why the iPhone and iPad would not support Flash but it is clear that if he could, he would have banned it from the desktop.

In 2009, Symantec had declared Adobe's Flash as having one of the worst security records, an honour that Adobe, has unfortunately done little in the intervening years to change. For Jobs, it wasn't just the security issues, as bad as they were, that he didn't like Flash. He cited the constant browser and system problems caused by Flash and the fact that apps developed using Flash technologies would never look as good as apps developed directly for the Apple platform.

In its place, Apple was going to use video playing support that was being provided directly by browsers as part of a new standard called HTML5.

Yet another Flash security flaw revealed

Four years later and Adobe is still patching security vulnerabilities. The latest came yesterday and it had tech companies and their customers scrambling to update installed versions of Flash. This particular vulnerability came to light after a Google engineer showed how the fault could be exploited to steal people's logon details.

After Android drops Flash, mobile is Flash-free

The decision by Steve Jobs not to support Flash on any of Apple's mobile devices was followed by Google in 2012 deciding not to support Flash on Android. Adobe had finally accepted that the standards-based HTML5 was going to be the way video would be displayed in the future, effectively allowing companies to bypass the use of Flash.

Why didn't the desktop follow mobile's lead?

Given the fact that the tech industry and even to a certain extent Adobe itself, has acknowledged that Flash is not their preferred technology, it is worth asking why it would still be so prevalent today. There are a number of reasons for this but unless the tech industry takes an active stance to do something about the use of Flash, it is likely to be with us for some time to come.

Flash is still in use today for two main reasons. The first is to do with the reach of Flash support across browsers that still don't support the alternative HTML5 video. The second is to do with inertia in industries that have built their businesses around this technology, specifically, the advertising and browser game developers.

The slow pace of upgrades

The transition to modern browsers is a slow process held back by consumers who never bother to update and businesses and organisations who only update in 4 to 7 year cycles. For this reason, there are still a large number of people using browsers that don't support HTML5 video, like Internet Explorer 8 and earlier versions for example.

Advertisers and game developers slow to change

Advertising companies have invested much effort over the past decade in producing interactive and attention-grabbing ads based on Flash technology. So much so, that it pages seem unusually static when these ads are not present, something you can do with Flash or Ad blocking extensions to browsers. Again there will be little incentive for these companies to move away from this technology on the desktop at least as long as they can justify the use of Flash because of its reach and cost.

The same is true for companies like Disney, who run sites like Club Penguin, a very popular children's game site written in Flash.

The job that needs finishing

The only way in which users are driven to adopt technology, and this includes upgrading to new versions, is if it is made easy for them and that if there is an incentive to do so or a disincentive not to. It is becoming easier to live without Flash but until sites like YouTube take definitive steps to end support for this technology, there will be little incentive for those organisations and users who are delaying taking action in upgrading to a browser that doesn't need Flash.

It is a pity that Steve Jobs didn't push to rid the desktop of what is an ongoing source of security vulnerabilities for desktop users. It is not too late however for someone in the tech sector to finish that particular task for him.

David Glance is Director of Innovation, Faculty of Arts, Director of Centre for Software Practice at University of Western Australia. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

i think this is part of the reason, but the main reason for Apple, is that devs could build entire apps in flash (remember theres no right click in ios) and introduce their own in-flash purchases, completly circumventing the ios walled garden and the 30% that apple take plus all the developer licensing needed which costs $$ every year. A purely commercial business decision, with the article above providing much needed justification.

I would disagree, because Apple encouraged people to make web apps (with no revenue for Apple) for the iPhone before native apps were possible. Also mobile flash was not the same as desktop flash and the user experience would have sucked.

One of the biggest problems is that it buries text so that you cannot use web extensions to translate or otherwise adapt the material, nor can you extract useful material (like contact addresses) except by retyping it.

I look forward to the day where I can stop using all web plugins but It isn't that simple to just give up using web plugins such as Flash, Silverlight, Java. HTML5 adoption has been slow, many websites still use these plugins which means that the users must also.

If the fact that Flash has a woeful security record doesn't convince you, consider that the most recent security bug that was patched in Flash has been known for some time (a couple of years as I recall) but was not patched because, while theoretically exploitable, no exploit had been *demonstrated*.

The recent development was publication of a demonstration exploit.

In other words, Adobe knew of the existence of a bug, knew that it could in theory be exploited, but didn't actually patch it because nobody had public;y proven it could be exploited.

The number of times when black hat hackers with time on their hands had proven it was exploitable privately is something we're left to guess for ourselves.

I started using FlashBlock on Firefox years ago (which lets you block Flash selectively) when I noticed that the browser crashed much more often when viewing Flash-based sites. The difference that doing this makes to browser stability is astonishing.

Could you share this with on twitter? Speedtest.net still uses flash. There is a feedback post that suggest they move to html5, but evidently it's not first priority because it has been over a year and they still haven't done anything. http://goo.gl/kJKnkK is the link to the feedback thread. If enough people vote it up, we might get it sooner than later.